OASIS Mailing List Archives

xri message


Subject: SAML trusted resolution and self-describing XRDS documents


Hi XRI TC,

A question came up on the OpenXRI list regarding SAML trusted resolution. This question concerns XRI Resolution 2.0 (http://www.oasis-open.org/committees/download.php/27432/xri-resolution-V2.0-cd-02-rv-04.pdf).

In SAML trusted resolution, a SAML assertion is included in an XRD by an authority resolution server, and the following rules apply (from section 10.2.2.2):
- The xrd:XRD/saml:Assertion/saml:Subject/saml:NameID element MUST be present and equal to the xrd:XRD/xrd:Query element.
- The NameQualifier attribute of the xrd:XRD/saml:Assertion/saml:Subject/saml:NameID element MUST be present and MUST be equal to the xrd:XRD/xrd:ProviderID element.

The question is: what would the SAML assertion look like in the case of a self-describing XRDS document (section 9.1.6)? In this case, an authority is publishing an XRD about itself, and there is no query / no subsegment to be resolved. My answer would be either:
- Following the above rule, since there is no query, there's no NameID either. Not sure if that works in SAML.
- The NameID must be equal to the XRI (i-number?) of the authority.

If you have thoughts on this, please share them. Or maybe it's somewhere in the spec and I just didn't find it.

Markus
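
The two subject rules quoted in the message above, written as a check over constructed, reduced XRDs. This is an added example, not part of the original post or of OpenXRI; exact string comparison, the sample identifiers and the helper names are assumptions, and the assertion's signature is not verified. The third sample is a self-describing XRD without xrd:Query, where the first rule has nothing to compare against.

```python
import xml.etree.ElementTree as ET

XRD_NS = "xri://$xrd*($v*2.0)"                      # XRD namespace (XRI Resolution 2.0)
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"   # SAML 2.0 assertion namespace

def child(parent, ns, name):
    """First direct child of `parent` with this namespace and local name, or None."""
    if parent is not None:
        for el in parent:
            if el.tag == "{%s}%s" % (ns, name):
                return el
    return None

def text(el):
    return None if el is None else (el.text or "").strip()

def check_saml_subject(xrd_xml):
    """Return the violations of the two quoted rules (empty list: both hold)."""
    xrd = ET.fromstring(xrd_xml)
    query = text(child(xrd, XRD_NS, "Query"))
    provider = text(child(xrd, XRD_NS, "ProviderID"))
    subject = child(child(xrd, SAML_NS, "Assertion"), SAML_NS, "Subject")
    name_id = child(subject, SAML_NS, "NameID")
    if name_id is None:
        return ["saml:NameID is missing"]
    errors = []
    if query is None:
        errors.append("xrd:Query is absent, so NameID has nothing to equal")
    elif text(name_id) != query:
        errors.append("NameID %r != Query %r" % (text(name_id), query))
    qualifier = name_id.get("NameQualifier")
    if qualifier is None:
        errors.append("NameQualifier is missing")
    elif qualifier != provider:
        errors.append("NameQualifier %r != ProviderID %r" % (qualifier, provider))
    return errors

def make_xrd(query, name_id, qualifier, provider="xri://!!1001"):
    """Build a constructed, reduced XRD (no signature, no other SAML fields)."""
    q = "<Query>%s</Query>" % query if query is not None else ""
    return ('<XRD xmlns="%s" xmlns:saml="%s">%s<ProviderID>%s</ProviderID>'
            '<saml:Assertion><saml:Subject><saml:NameID NameQualifier="%s">%s'
            '</saml:NameID></saml:Subject></saml:Assertion></XRD>'
            % (XRD_NS, SAML_NS, q, provider, qualifier, name_id))

if __name__ == "__main__":
    print(check_saml_subject(make_xrd("*example", "*example", "xri://!!1001")))
    print(check_saml_subject(make_xrd("*example", "*other", "xri://!!9999")))
    # Self-describing case: no Query; NameID set to the authority's own identifier.
    print(check_saml_subject(make_xrd(None, "xri://!!1001", "xri://!!1001")))
```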

